FKIE_CVE-2011-1022

Vulnerability from fkie_nvd - Published: 2011-03-22 17:55 - Updated: 2025-04-11 00:51
Summary
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
References
secalert@redhat.com: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987 (Patch)
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
secalert@redhat.com: http://openwall.com/lists/oss-security/2011/02/25/11 (Patch)
secalert@redhat.com: http://openwall.com/lists/oss-security/2011/02/25/12 (Patch)
secalert@redhat.com: http://openwall.com/lists/oss-security/2011/02/25/14
secalert@redhat.com: http://openwall.com/lists/oss-security/2011/02/25/6 (Patch)
secalert@redhat.com: http://openwall.com/lists/oss-security/2011/02/25/9 (Patch)
secalert@redhat.com: http://secunia.com/advisories/43611 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/43758 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/43891
secalert@redhat.com: http://secunia.com/advisories/44093
secalert@redhat.com: http://sourceforge.net/mailarchive/message.php?msg_id=26598749 (Patch)
secalert@redhat.com: http://sourceforge.net/mailarchive/message.php?msg_id=27102603 (Patch)
secalert@redhat.com: http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download (Patch)
secalert@redhat.com: http://www.debian.org/security/2011/dsa-2193
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-0320.html
secalert@redhat.com: http://www.securityfocus.com/bid/46578
secalert@redhat.com: http://www.securitytracker.com/id?1025157
secalert@redhat.com: http://www.vupen.com/english/advisories/2011/0679 (Vendor Advisory)
secalert@redhat.com: http://www.vupen.com/english/advisories/2011/0774
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=680409 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
af854a3a-2127-422b-91ae-364da2661108: http://openwall.com/lists/oss-security/2011/02/25/11 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://openwall.com/lists/oss-security/2011/02/25/12 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://openwall.com/lists/oss-security/2011/02/25/14
af854a3a-2127-422b-91ae-364da2661108: http://openwall.com/lists/oss-security/2011/02/25/6 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://openwall.com/lists/oss-security/2011/02/25/9 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/43611 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/43758 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/43891
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/44093
af854a3a-2127-422b-91ae-364da2661108: http://sourceforge.net/mailarchive/message.php?msg_id=26598749 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://sourceforge.net/mailarchive/message.php?msg_id=27102603 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2011/dsa-2193
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-0320.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/46578
af854a3a-2127-422b-91ae-364da2661108: http://www.securitytracker.com/id?1025157
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2011/0679 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2011/0774
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=680409 (Patch)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0BCCAA-81E9-437F-BA72-BA4CD06A486C",
              "versionEndIncluding": "0.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F309E6-1832-4E2E-9E08-AC86FDBB5F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDACB92-6E32-49BB-8C1C-2897CC848208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C80D9D-E561-4703-96AD-A94EAC8E164B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633EB57-9EE8-4653-B8F6-A25465A9EA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F48A0C-3B96-43B9-9B69-54823BA06750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "653BEE43-D5D5-4CF9-82A1-F6FCD9FF4888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.32.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE89E298-CAEF-422C-9CCD-681A199BC57F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.32.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C27CEFA-E730-4B14-ADEB-88D176C009ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "845A2CE5-0787-4A27-B49B-E254F19BB3A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87B161B-5DF9-42F0-82FE-D2E277B894C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C8A145-D946-4F34-A40D-CC97B92D43B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.35.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8910F268-5B95-4459-9411-222DCD85BFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0ED72E4-64CD-4A8C-8911-7DC362D40A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.36.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE35D91B-E874-4E60-ACB4-42102393264E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.36.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F28E1E9-3AB9-484E-A4AC-338893DE9E4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "208A5A77-C092-4F84-B8C7-476A2321AFBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n cgre_receive_netlink_msg en daemon/cgrulesengd.c en cgrulesengd en  Control Group Configuration Library (tambi\u00e9n conocido como libcgroup or libcg) anteriores a v0.37.1 no verifica que los mensajes netlink se originen en el n\u00facleo, lo que permite a usuarios locales eludir las restricciones de acceso a recursos a trav\u00e9s de un mensaje manipulado."
    }
  ],
  "id": "CVE-2011-1022",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-22T17:55:01.987",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/11"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/12"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/02/25/14"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43611"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43891"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44093"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=26598749"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=27102603"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2193"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0320.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46578"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1025157"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0679"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0774"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/02/25/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/25/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=26598749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=27102603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0320.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680409"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

